Skip to content

chore: refactor instance identity to be a SessionTokenProvider #19566

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Sep 3, 2025
Merged

chore: refactor instance identity to be a SessionTokenProvider #19566

merged 5 commits into from
Sep 3, 2025

Conversation

spikecurtis
Copy link
Contributor

@spikecurtis spikecurtis commented Aug 27, 2025
edited
Loading

Refactors Agent instance identity to be a SessionTokenProvider.

Refactors the CLI to create Agent clients via a centralized function, rather than add-hoc via individual command handlers and their flags.

This allows commands besides coder agent, but which still use the agent identity, to support instance identity authentication.

Fixes #19111 by unifying all API requests to go thru the SessionTokenProvider for auth credentials.

@spikecurtis Graphite App
Copy link
Contributor Author

spikecurtis commented Aug 27, 2025
edited
Loading

This stack of pull requests is managed by Graphite. Learn more about stacking.

@spikecurtis spikecurtis mentioned this pull request Aug 27, 2025
Merged
@spikecurtis spikecurtis force-pushed the spike/refactor-agentsdk-instance-identity branch from 1b453cd to 421347b Compare August 28, 2025 06:25
@spikecurtis spikecurtis force-pushed the spike/refactor-sdk-session-token-provider branch from 6f7bb8d to ad7200f Compare August 28, 2025 06:25
@spikecurtis spikecurtis force-pushed the spike/refactor-agentsdk-instance-identity branch from 421347b to 7b1affe Compare August 28, 2025 06:40
@spikecurtis spikecurtis force-pushed the spike/refactor-sdk-session-token-provider branch 2 times, most recently from 7789799 to d9ee61f Compare August 28, 2025 09:36
@spikecurtis spikecurtis force-pushed the spike/refactor-agentsdk-instance-identity branch from 7b1affe to a13a334 Compare August 28, 2025 09:36
@spikecurtis spikecurtis requested a review from mafredri August 28, 2025 10:56
@spikecurtis spikecurtis marked this pull request as ready for review August 28, 2025 10:56
@spikecurtis spikecurtis mentioned this pull request Aug 28, 2025
Merged
@spikecurtis spikecurtis force-pushed the spike/refactor-agentsdk-instance-identity branch 2 times, most recently from ad45ac9 to ce4943c Compare August 29, 2025 08:00
@spikecurtis spikecurtis force-pushed the spike/refactor-sdk-session-token-provider branch from 53e1b76 to 7ea81d2 Compare August 29, 2025 08:00
mafredri
mafredri reviewed Aug 29, 2025
View reviewed changes
Copy link
Member

@mafredri mafredri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For the most part, this looks like a good and a useful refactor 👍🏻.

I'd like to see something done about the root command logic/flag, however (see comment). Other than that just minor suggestions.

codersdk/agentsdk/aws.go
@@ -0,0 +1,97 @@
package agentsdk
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion (optional): Consider moving into sub-package, assuming there aren't any blocking dependencies to this package that would cause a circular import.

@spikecurtis spikecurtis changed the base branch from spike/refactor-sdk-session-token-provider to graphite-base/19566 August 29, 2025 08:41
@spikecurtis spikecurtis force-pushed the spike/refactor-agentsdk-instance-identity branch from ce4943c to 608b392 Compare August 29, 2025 08:41
@graphite-app graphite-app bot changed the base branch from graphite-base/19566 to main August 29, 2025 08:42
@spikecurtis spikecurtis force-pushed the spike/refactor-agentsdk-instance-identity branch 3 times, most recently from 59667e7 to 54f6878 Compare September 2, 2025 11:18
@spikecurtis spikecurtis requested a review from mafredri September 2, 2025 11:20
@spikecurtis spikecurtis force-pushed the spike/refactor-agentsdk-instance-identity branch from 54f6878 to 6cddf93 Compare September 2, 2025 11:39
mafredri
mafredri approved these changes Sep 2, 2025
View reviewed changes
Copy link
Member

@mafredri mafredri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This turned out nice, and love the explicit flag docs this gives us, thanks for implementing! Two minor suggestions but nothing blocking :shipit:

cli/root.go
@@ -220,7 +224,7 @@ func (r *RootCmd) Command(subcommands []*serpent.Command) (*serpent.Command, err
// with a `gitaskpass` subcommand, we override the entrypoint
// to check if the command was invoked.
if gitauth.CheckCommand(i.Args, i.Environ.ToOS()) {
return r.gitAskpass().Handler(i)
return gitAskpass(hiddenAgentAuth).Handler(i)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice solution 👍🏻

@spikecurtis spikecurtis force-pushed the spike/refactor-agentsdk-instance-identity branch from 6cddf93 to 68c9194 Compare September 3, 2025 06:26
@spikecurtis spikecurtis merged commit 1354d84 into main Sep 3, 2025
32 of 34 checks passed
@spikecurtis Graphite App
Copy link
Contributor Author

Merge activity

@spikecurtis spikecurtis deleted the spike/refactor-agentsdk-instance-identity branch September 3, 2025 06:38
@github-actions github-actions bot locked and limited conversation to collaborators Sep 3, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@mafredri mafredri mafredri approved these changes

Assignees

@spikecurtis spikecurtis

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

bug: Prebuilds agent reinitialization doesn't work if cloud identity is used
2 participants
@spikecurtis @mafredri